Dennis Kengo Oka, Ph.D.

Explore modern vehicle architectures designed to support automotive IoT use cases
Discover cybersecurity practices and processes to develop secure automotive IoT applications
Gain insights into how cloud technologies and services power automotive IoT applications

Explores how the automotive industry can address the increased risks of cyberattacks and incorporate security into the software development lifecycle

ECU software is responsible for various functionality in the vehicle, e.g., engine control and driver assistance systems. Therefore, bugs or vulnerabilities in such systems may have disastrous impacts affecting human life. We consider possible vulnerabilities in ECU software and examine attack techniques for such vulnerabilities. Since we did not acquire and reverse-engineer actual ECU software, we first consider in theory how and if attacks are possible under the assumption that there would… さらに表示

ECU software is responsible for various functionality in the vehicle, e.g., engine control and driver assistance systems. Therefore, bugs or vulnerabilities in such systems may have disastrous impacts affecting human life. We consider possible vulnerabilities in ECU software and examine attack techniques for such vulnerabilities. Since we did not acquire and reverse-engineer actual ECU software, we first consider in theory how and if attacks are possible under the assumption that there would exist memory corruption vulnerabilities in ECU software. For our investigation, we consider the ECU microcontroller architecture TriCore1797 which exists in a number of ECUs. In contrast to x86 architecture, the return address is not stored on the stack; therefore, we assumed that performing code execution by stack overflow would not be easy. We investigated if it would be possible to perform arbitrary code execution based on approaches from the PC environment and also if other attack approaches could be considered. We considered the following attack approaches:
1) Overwriting a function pointer stored on the stack by performing a buffer overflow to execute code;
2) Overwriting the memory area handling context switching used by TriCore itself to execute code;
3) Overwriting the vector tables used by interrupt and trap functions.
Moreover, using a TriCore evaluation board and software created to perform the experiments, we tested the various attack approaches. We confirmed that several attack approaches are not possible due to security mechanisms provided by the microcontroller or differences in the microcontroller architecture compared to traditional CPUs. However, under certain specific conditions, as a result of performing a buffer overflow attack to overwrite a function pointer, we manage to make the TriCore jump to an address of our choosing and execute the code already stored on that location. 部分表示

In recent years, information technology has entered the automobile domain. There is an emerging trend among automobile manufacturers to perform wireless diagnostics and firmware updates. This wireless vehicle-to-infrastructure environment, where the automobile manufacturer establishes a wireless connection to a vehicle, introduces a number of security threats. This book focuses on the security aspects of such environments. Security challenges for this and similar scenarios are first identified… さらに表示

In recent years, information technology has entered the automobile domain. There is an emerging trend among automobile manufacturers to perform wireless diagnostics and firmware updates. This wireless vehicle-to-infrastructure environment, where the automobile manufacturer establishes a wireless connection to a vehicle, introduces a number of security threats. This book focuses on the security aspects of such environments. Security challenges for this and similar scenarios are first identified and analyzed. Based on such analyses and the challenges identified therein, specific solutions for the wireless vehicle-to-infrastructure environment are suggested. The security issues and solutions presented in this book may serve as a roadmap for future research in this field, and should be especially useful for professionals in Network Security and Vehicle Communication fields, or anyone else who may be interested in future computer security trends for vehicle-to-infrastructure environments. 部分表示